add support for wafv2 webacl

Signed-off-by: Kirill Sushkov (teeverr) <kirill.sushkov@swisscom.com>
crossplane-contrib · Feb 26, 2025 · 0ee993e · 0ee993e
1 parent 99de658
commit 0ee993e
Show file tree

Hide file tree

Showing 22 changed files with 20,260 additions and 12 deletions.
diff --git a/apis/aws.go b/apis/aws.go
@@ -95,6 +95,7 @@ import (
 	transferv1alpha1 "github.com/crossplane-contrib/provider-aws/apis/transfer/v1alpha1"
 	awsv1alpha1 "github.com/crossplane-contrib/provider-aws/apis/v1alpha1"
 	awsv1beta1 "github.com/crossplane-contrib/provider-aws/apis/v1beta1"
+	wafv2v1alpha1 "github.com/crossplane-contrib/provider-aws/apis/wafv2/v1alpha1"
 )
 
 func init() {
@@ -175,6 +176,7 @@ func init() {
 		servicecatalogv1alpha1.SchemeBuilder.AddToScheme,
 		s3control.SchemeBuilder.AddToScheme,
 		firehosev1alpha1.SchemeBuilder.AddToScheme,
+		wafv2v1alpha1.SchemeBuilder.AddToScheme,
 	)
 }
 

diff --git a/apis/wafv2/disabled-generator-config.yaml b/apis/wafv2/disabled-generator-config.yaml
@@ -0,0 +1,69 @@
+# NOTE(teeverr): this config file was used for ACK generation(make services SERVICES=wafv2) via ack-code-generator v0.38.1,
+# then these types were backported to v0.26.1(current version in January 2025), and then the controller code was generated(make generate) by ack-code-generator v0.26.1.
+# The reason is that ack-code-generator supports empty shapes(https://github.com/aws-controllers-k8s/code-generator/pull/536) and
+# set: ignore directive(https://github.com/aws-controllers-k8s/code-generator/pull/464) only since version v0.38.0.
+# But github.com/aws-controllers-k8s/code-generator v0.38.0 and higher brings a lot of other changes: 1) it automatically detects new aws resources
+# for cloudfront, cloudwatchlogs, eks, elasticache, elbv2, prometheuservice, s3control 2) breaks camelcase naming pattern for some fields, for instance
+# RecrawlPolicy(glue crawler) field becomes RECrawler 3) Controller servicecatalog/provisionedproduct(probably something else) loses some methods of `external` object.
+# 4) Every crd has changes in description of fields (primary it is about indents/new lines)
+# So these massive changes definitely require a dedicated PR, and until that I disabled this config.
+---
+ignore:
+  resource_names:
+    - APIKey
+    - IPSet
+    - RegexPatternSet
+    - RuleGroup
+  field_paths:
+    - CreateWebACLInput.Name
+    - UpdateWebACLInput.Name
+    - DeleteWebACLInput.Name
+    - GetWebACLInput.Name
+    - WebACL.Rules.Statement.AndStatement
+    - WebACL.Rules.Statement.OrStatement
+    - WebACL.Rules.Statement.NotStatement
+    - WebACL.Rules.Statement.ManagedRuleGroupStatement.ScopeDownStatement
+    - WebACL.Rules.Statement.RateBasedStatement.ScopeDownStatement
+empty_shapes:
+  - All
+  - Method
+  - UriPath
+  - QueryString
+  - AllQueryArguments
+  - RateLimitIP
+  - RateLimitForwardedIP
+  - RateLimitHTTPMethod
+  - NoneAction
+operations:
+  GetWebACL:
+    output_wrapper_field_path: WebACL
+resources:
+  WebACL:
+    fields:
+      # The statements below have infinite recursion(e.g. Statement.AndStatement.Statements contains list of Statement), so it's ignored and replaced with a string. The controller expects json string for these fields.
+      Rules.Statement.AndStatement:
+        type: string
+        set:
+          - ignore: "all"
+      Rules.Statement.OrStatement:
+        type: string
+        set:
+          - ignore: "all"
+      Rules.Statement.NotStatement:
+        type: string
+        set:
+          - ignore: "all"
+      Rules.Statement.ManagedRuleGroupStatement.ScopeDownStatement:
+        type: string
+        set:
+          - ignore: "all"
+      Rules.Statement.RateBasedStatement.ScopeDownStatement:
+        type: string
+        set:
+          - ignore: "all"
+      Rules.Statement.ByteMatchStatement.TextTransformations.Type:
+        go_tag: json:"type,omitempty"
+    exceptions:
+      errors:
+        404:
+          code: ResourceNotFoundException